[Openmcl-devel] make-keyword

Tim Bradshaw tfb at tfeb.org
Thu Oct 22 08:52:28 UTC 2009


On 22 Oct 2009, at 09:32, Taoufik Dachraoui wrote:

> I implemented make-keyword using read-from-string, how is this
> compared to using intern?

Don't use READ-FROM-STRING: it can do anything at all depending on  
what is in the string.  Think of it as an SQL injection attack, but  
much worse.

--tim

(For others on the list: I know about suppressing the read-time eval  
stuff, which makes this a little better.)



More information about the Openmcl-devel mailing list